When a breach occurs, after the confusion and panic have passed (or merely settled in), the finger-pointing starts. Generally, clients assume that since the anti-virus icon in the corner was there, they were protected. Firewall? Not sure what it is, but I get an alert every now and then about it, so it must be doing something. Passwords? I use them. Sure, they aren’t the most complicated, but c’mon, why would a hacker want my bank account? I live paycheck to paycheck, believe me, I’m not their target. Or, as I would guess is true in most cases, they think, ‘I guess my IT guy wasn’t paying attention to something or didn’t do an update he or she was supposed to do.’
The IT department or MSP runs through the scenario, ensuring that all the precautions they put in place were active and functioning properly. It had to be user error.
Aside from the uninformed logic of the end user in this scenario (hackers will take ANY information they can get), both parties are possibly correct.
Regardless of whose fault it was, it happened. Remediation and education have to start immediately to fix the damage and prevent it from happening again.
Someone’s Going to Pay for This
Ransomware isn’t what we are talking about here. In this case, we mean that someone will need to be held accountable – but who? There are laws in place and standards to meet, but what if the MSP has done their part and the client has not held up their end of the deal? Who will bear the brunt of the responsibility?
MSPs need to start looking at additional methods of ensuring that their clients are held accountable in the process. That means every employee. An entire business can be taken down by one irresponsible move, made by one single employee.
As the sophistication level of cybercrime develops, so must the processes and procedures of those fighting it. This may mean having a possibly uncomfortable conversation up front with your client and letting them know that you will do your part, but they, in turn, must do theirs. And with fines and legal repercussions being upheld at various levels, you can’t afford not to have this conversation.